Sorry Linux Users, glibc 2.37 And 2.36 Have A Serious Vulnerability

Source: Bleeping Computer

Free Root On Debian, Ubuntu, and Fedora

Hey Linux admins, time to update your GNU C Library to 2.38, as glibc 2.37 and glibc 2.36 have a rather nasty vulnerability. It is a heap-based buffer overflow that is difficult but not impossible to exploit, and it will give an attacker root access to your devices, at which point you are pretty much hosed. The glibc vulnerability was proven to work on a wide variety of distros, including Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora 37 to 39. It is very likely other versions are also susceptible.

Just in case your digestion hasn’t been completely ruined, Qualys, the security company that revealed this flaw, also found three others. While they are not quite as horrific, all are related to glibc, which is something you really can’t live without. Time to get patching!

Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
